Working with Entrust Digital Signing Certificates on Linux Ubuntu

Hi, The engineering licensing body where I am requires us to use that uses Entrust certificates and services. Notarius has apps for signing/certifying documents, like pdf, with apps running on Windows. For non-engineering applications I’ve been signing/certifying documents using MasterPDF, LibreOffice & other programs on Ubuntu 20.04 with Seahorse as a certificate manager. I’ve requested from Notarius customer support to have the certificates so I can work without their Windows software but they don’t seem to understand the question, insisting I need an epf file, a Microsoft security file. I’m a bit of a cybersecurity newby and I’m wondering exactly what files I should be asking for. For Entrust would it be a .pem, .pki or .crt file? There’s information on how to setup a root certificate for Entrust on Ubuntu but what else do I need? Thanks for any help in this regards.

Best Regards,


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hello Christian,

An EPF file is what I would call an Entrust formatted security file which holds certificates, private keys and other security data. Some times it’s referred to as an Entrust Profile. Most standard applications do not know how to use an EPF file.

I’ll assume that there is a certificate associated with your name that was created/managed by using Entrust. You would need to get a copy of this certificate; which appears to be what you are trying to do. If they are insisting that you need an EPF file, does that mean they are willing to provide you with that EPF file?

What you likely need is an PKCS12 formatted certificate (often held in a file with extension .p12 or .pfx). If you have a .pem file that is associated with your certificate, then that might work, but that depends on what is in the PEM file (a file in PEM format can contain lots of different things). If they have the EPF file for your certificate, then they should be able to export your certificate out of the EPF file and into a PKCS12 file. If they can’t do that, but they are able to give you the EPF file, then you should be able to do that export yourself. There is an Entrust application (Windows based) for performing such an export.

If you get access to the EPF file but are stuck trying to find a way to export the certificates using your Ubuntu GNU/Linux system, then let me know as I have ideas for that also.

Thanks, Deric


I am not rally familiar with, but in most cases a .pem certificate should be sufficient.

However if this does not work, my advise would be to ask your case to be escalated with as they are the provider of the service and they should be able to confirm this.